Branch merge
diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py
index 93660f7..f2a1ae3 100644
--- a/Lib/test/test_codecs.py
+++ b/Lib/test/test_codecs.py
@@ -668,6 +668,8 @@
         self.assertTrue(codecs.lookup_error("surrogatepass"))
         with self.assertRaises(UnicodeDecodeError):
             b"abc\xed\xa0".decode("utf-8", "surrogatepass")
+        with self.assertRaises(UnicodeDecodeError):
+            b"abc\xed\xa0z".decode("utf-8", "surrogatepass")
 
 @unittest.skipUnless(sys.platform == 'win32',
                      'cp65001 is a Windows-only codec')
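Review bot: The new negative case `b"abc\xed\xa0z"` only covers a bad third byte, while the C fix in this commit tightens three separate conditions (lead byte and both continuation bytes). A second case with a bad second byte would pin the other continuation check. For example, this constructed input should also raise with the corrected `&&` logic: `with self.assertRaises(UnicodeDecodeError):` followed by `b"abc\xedz\x80".decode("utf-8", "surrogatepass")`. A short comment above these asserts naming what each input violates (truncated sequence, invalid continuation byte) would keep the regression intent clear. The enclosing test method starts outside this hunk.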
diff --git a/Misc/NEWS b/Misc/NEWS
index 239fe03..9b72c5d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,9 @@
 Core and Builtins
 -----------------
 
+- Issue #16336: fix input checking in the surrogatepass error handler.
+  Patch by Serhiy Storchaka.
+
 - Issue #8401: assigning an int to a bytearray slice (e.g. b[3:4] = 5) now
   raises an error.
 
diff --git a/Python/codecs.c b/Python/codecs.c
index 5470500..fd67d1b 100644
--- a/Python/codecs.c
+++ b/Python/codecs.c
@@ -791,10 +791,10 @@
         /* Try decoding a single surrogate character. If
            there are more, let the codec call us again. */
         p += start;
-        if (strlen(p) > 2 &&
-            ((p[0] & 0xf0) == 0xe0 ||
-             (p[1] & 0xc0) == 0x80 ||
-             (p[2] & 0xc0) == 0x80)) {
+        if (PyBytes_GET_SIZE(object) - start >= 3 &&
+            (p[0] & 0xf0) == 0xe0 &&
+            (p[1] & 0xc0) == 0x80 &&
+            (p[2] & 0xc0) == 0x80) {
             /* it's a three-byte code */
             ch = ((p[0] & 0x0f) << 12) + ((p[1] & 0x3f) << 6) + (p[2] & 0x3f);
             if (ch < 0xd800 || ch > 0xdfff)
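Review bot: The new bound `PyBytes_GET_SIZE(object) - start >= 3` is only safe if `start` is already known to lie within `0..size`, and nothing in this hunk shows that. With a negative `start` the signed subtraction would get larger and the check would pass, while `p += start` on the line above has already moved the pointer. The validation presumably happens where `start` is fetched, earlier in the function and outside the hunk. I would state that invariant here, for example `/* start is within [0, PyBytes_GET_SIZE(object)] (checked above), so p[0..2] are in bounds */`, or add an explicit `start >= 0 &&` term if it is not guaranteed. `PyBytes_GET_SIZE` is also an unchecked macro, so it relies on `object` being a bytes object, which should likewise be established before this point.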